Redacting Git repos

So, you have committed the sin of checking in data, passwords, secrets and tokens. How do you remove them from the git log? There are several tools you can use, and I'm going to show a quick example using BFG.

Note: Do not fork the repo in the GitHub interface if you are redacting a repo to share your code with others.

In this example, I will assume we will push the changes to a new repository.

Note: If you are working with GitHub, you should close all pull requests and disable Dependabot for this operation.

  1. Create a text file with each line containing a string/secret you want to redact from your repo
  2. Create the new repository in GitHub to store the redacted copy

Next, run the following:

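  # Mirror clone: a bare copy with every ref, so the rewrite covers all branches and tags
  git clone --mirror git@github.com:example/example.git
  cd example.git
  # Replace every string listed in the file; --no-blob-protection also rewrites the latest commit
  bfg --no-blob-protection --replace-text ../redecations.txt
  # Delete folders with this name from history (BFG protects the latest commit by default)
  bfg --delete-folders bad_folder_with_secrets
  # Expire reflogs and prune after BFG so the old, unredacted objects leave the local mirror
  git reflog expire --expire=now --all && git gc --prune=now --aggressive
  # Push the rewritten history to the new repository
  git remote add redacted_repo git@github.com:example/example-redacted.git
  git push redacted_repo --mirror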
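
Before the final git push, it is worth confirming that nothing from the redaction list is still reachable from any ref. The function below is an added example, not part of the original post or of BFG; the name leftover_secrets is hypothetical, and it assumes the list from step 1 holds one literal string per line (no BFG "regex:" or "glob:" entries).

```shell
# Added example (not from the original post).
# Usage: leftover_secrets <path-to-mirror.git> <redaction-list-file>
# Returns 0 if no listed string is reachable from any ref, 1 otherwise.
# Reports list line numbers and commit ids only, never the secret itself.
leftover_secrets() {
    repo=$1
    list=$2
    status=0
    n=0
    while IFS= read -r secret || [ -n "$secret" ]; do
        n=$((n + 1))
        [ -n "$secret" ] || continue   # skip blank lines

        # -S (pickaxe) matches commits whose diff adds or removes the literal
        # string. If any reachable blob still contains it, some reachable
        # commit introduced it; -m also inspects merge commits.
        hit=$(git -C "$repo" log --all -m -n 1 --format=%H -S"$secret")
        if [ -n "$hit" ]; then
            echo "line $n: still in file contents (e.g. commit $hit)"
            status=1
        fi

        # -S only looks at file diffs, so commit messages are checked separately.
        hit=$(git -C "$repo" log --all -n 1 --format=%H \
                  --fixed-strings --grep="$secret")
        if [ -n "$hit" ]; then
            echo "line $n: still in a commit message (commit $hit)"
            status=1
        fi
    done < "$list"
    return "$status"
}
```

Run it from outside the mirror, passing the mirror directory and the redaction list, and only push when it returns 0.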
